Use Jolokia to monitor JMX endpoint of webapp on same Tomcat server

Question

Jolokia<\/a> is uncharted territory for me, and after having read the documentation, I'm still not sure if it'll work with the scenario I have in mind.

• <\/li>
• <\/li><\/ul>

  Possible gotcha's:<\/strong>

  • The only thing that can be changed is the JMX port number<\/li>
  • <\/li>
  • <\/li><\/ul>

    Goal:<\/strong>

    1. <\/li>
    2. Also, is there another agent that's more suited for this scenario?<\/li>
    3. <\/li><\/ol>"

Answer 1

First of all, Jolokia by passes the JSR-160 connector stuff completely, so there is no need for any JMX/RMI authentication. The whole purpose of Jolokia is to provide a bridge over HTTP/JSON to the internal JMX subsystem. Depending on the agent, you can secure Jolokia quite easily. For the WAR agent, securing is the same as for any Java EE web app: Setup some roles and users for tomcat (eg in tomcat-users.xml ) and reference the role in the security contstraints within the jolokia.war 's /WEB-INF/web.xml .

To your questions:

1. Yes, you can. If you don't have any specific authentication needs, simply drop the jolokia.war into tomcat's /webapps directory. I suggest to try this first before adding security. For deinstalling the agent, simply remove the war.

2. As an alternative, you could also use the JVM agent, which opens an own HTTP server on an extra port (default: 8778). More on this in the reference manual

3. There is no need for a dedicated connection to the web app since MBeans are registered globally and are accesible from anywhere in the JVM. A webapp should of course select carefully the management information it exposes. So, there is no extra step needed and you can access the MBeans for the WEB app directly (except when it does something unusual with Java security, but I don't think so).

To test the installation, simply connect to the Tomcat with your browser and the context /jolokia (eg " http://localhost:8080/jolokia "). You should see the version information about the agent itself.

The next step would be to explore the JMX namespace, either with the browser (and operation "list" like in http://localhost:8080/jolokia/list , but that's tedious) or with a client like j4psh or hawt.io . Hopefully you will find the MBeans of your webapp you are looking for.

Answer 2

I tried to follow carefully the tutorial on the Jolokia website. I put the Jolokia Agent War on the webapps folder of the Tomcat and started it. When I finally go to verify the installation, point my browser to http://localhost:8080/jolokia/version ==> I get no response on my browser : Website not accessible. When I try a curl on the same URL, I get this output :

curl http://localhost:8080/jolokia/version <!doctype html>HTTP Status 401 – UnauthorizedH1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}

HTTP Status 401 – Unauthorized

Status Report状态报告

The request has not been applied because it lacks valid authentication credentials for the target resource.该请求未应用，因为它缺少目标资源的有效身份验证凭据。

Apache Tomcat/7.0.92

Any help will be much appreciated, Thanks !